nach oben

Wireless Personal Communications

Erschienen in:

01.02.2016

Design and Analysis of a Provably Secure Multi-server Authentication Scheme

verfasst von: Dheerendra Mishra

Erschienen in: Wireless Personal Communications | Ausgabe 3/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Authenticated key agreement protocols play an important role to ensure authorized and secure communication over public network. In recent years, several authentication protocols have been proposed for single-server environment. Most of these protocols present efficient and secure solution for single-server environment. However, adoption of these protocols for multi-server environment is not feasible as user have to register on each server, separately. On the contrary, multi-server authentication schemes require single registration. The one time registration mechanism makes the system user-friendly and supports inter-operability. Unfortunately, most of the existing multi-server authentication schemes require all servers to be trusted, involvement of central authority in mutual authentication or multiple secret keys. In general, a servers may be semi-trusted, thus considering all server to be trusted does not seems to be realistic scenario. Involvement of central authority in mutual authentication may create bottleneck scenario for large network. Also, computation of multiple secret keys may not be suitable for smart card based environment as smart card keeps limited storage space. To overcome these drawbacks, we aim to design an authentication scheme for multi-server environment, where all servers does not need to be trusted, central authority does not require in mutual authentication and smart card need not to store multiple secret keys. In this paper, we first analyze the security of recently proposed Yeh’s smart card based multi-server authentication scheme (Yeh in Wirel Pers Commun 79(3):1621–1634, 2014). We show that Yeh’s scheme does not resist off-line password guessing attack, insider attack and user impersonation attack. Furthermore, we propose an efficient multi-server authentication scheme which does not require all servers to be trusted, central authority no longer needed in authentication and smart card need not to store multiple secret keys. We prove the correctness of mutual authentication of our scheme using the widely-accepted BAN logic. Through the security analysis, we show that our scheme is secure against various known attacks including the attacks found in Yeh’s scheme. In addition, the proposed scheme is comparable in terms of the communication and computational overheads with related schemes.

Nächster Artikel Frequency-Domain Iterative SDFE for MIMO-OFDM Systems

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Mishra, D. (2015). On the security flaws in ID-based password authentication schemes for telecare medical information systems. Journal of Medical Systems, 39(1), 1–16.CrossRef

Mishra, D., & Mukhopadhyay, S. (2014). Cryptanalysis of Yang et al.’s digital rights management authentication scheme based on smart card. Recent Trends in Computer Networks and Distributed Systems Security, 420, 288–297.

Ojanperä, T., & Mononen, R. (2002). Security and authentication in the mobile world. Wireless Personal Communications, 22(2), 229–235.CrossRef

He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.CrossRef

He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. IEEE Communications Magazine, 53(1), 71–77.CrossRef

Mishra, D., Chaturvedi, A., & Mukhopadhyay, S. (2015). An improved biometric-based remote user authentication scheme for connected healthcare. International Journal of Ad Hoc and Ubiquitous Computing, 18(1–2), 75–84.CrossRef

He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences. doi:10.1016/j.ins.2015.02.010.

Shen, J., Tan, H., Wang, J., Wang, J., & Lee, S. (2015). A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology, 16(1), 171–178.

Chaturvedi, A., Mishra, D., & Mukhopadhyay, S. (2013). Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In Information systems security (pp. 63–77). Springer.

10.

Moon, J. S., Park, J. H., Lee, D. G., & Lee, I.-Y. (2010). Authentication and ID-based key management protocol in pervasive environment. Wireless Personal Communications, 55(1), 91–103.CrossRef

11.

Guo, P., Wang, J., Geng, X. H., Kim, C. S., & Kim, J.-U. (2014). A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology, 15(6), 929–936.

12.

Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1), 85–95.CrossRef

13.

Li, L.-H., Lin, L.-C., & Hwang, M.-S. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.CrossRef

14.

Lin, I.-C., Hwang, M.-S., & Li, L.-H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.CrossRefMATH

15.

Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multi-server architecture. IEEE Communications Letters, 10(8), 580–581.CrossRef

16.

Juang, W.-S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.CrossRef

17.

Chang, C.-C., & Lee, J.-S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In 2004 international conference on cyberworlds, IEEE (pp. 417–422).

18.

Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3), 115–121.CrossRef

19.

Chen, Y., Huang, C.-H., & Chou, J.-S. (2008). Comments on two multi-server authentication protocols. IACR Cryptology ePrint Archive, 2008, 544.

20.

Tsaur, W.-J., Li, J.-H., & Lee, W.-B. (2012). An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems and Software, 85(4), 876–882.CrossRef

21.

Chou, J.-S., Chen, Y., Huang, C.-H., & Huang, Y.-S. (2012). Comments on four multi-server authentication protocols using smart card. IACR Cryptology ePrint Archive, 2012, 406.

22.

Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.CrossRef

23.

Chen, T.-Y., Hwang, M.-S., Lee, C.-C., & Jan, J.-K. (2009). Cryptanalysis of a secure dynamic id based remote user authentication scheme for multi-server environment. In 2009 fourth international conference on innovative computing, information and control (ICICIC), IEEE (pp. 725–728).

24.

Hsiang, H.-C., & Shih, W.-K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.CrossRef

25.

Lee, C.-C., Lin, T.-H., & Chang, R.-X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

26.

Truong, T.-T., Tran, M.-T., & Duong, A.-D. (2013). Robust secure dynamic id based remote user authentication scheme for multi-server environment. In Computational science and its applications–ICCSA 2013 (pp. 502–515). Springer.

27.

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

28.

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.CrossRef

29.

He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE System Journal, 9(3), 816–823. doi:10.1109/JSYST.2014.2301517.CrossRef

30.

Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.CrossRef

31.

He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.CrossRef

32.

Pippal, R. S., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.CrossRef

33.

He, D., Chen, J., Shi, W., & Khan, M. K. (2013). On the security of an authentication scheme for multi-server architecture. International Journal of Electronic Security and Digital Forensics, 5(3), 288–296.CrossRef

34.

Yeh, K.-H. (2014). A provably secure multi-server based authentication scheme. Wireless Personal Communications, 79(3), 1621–1634.CrossRef

35.

Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A: Mathematical and Physical Sciences, 426(1871), 233–271.CrossRefMathSciNetMATH

36.

Syverson, P., & Cervesato, I. (2001). The logic of authentication protocols. In Foundations of security analysis and design (pp. 63–137). Springer.

37.

Boyd, C., & Mao, W. (1994). On a limitation of ban logic. In Advances in CryptologyEUROCRYPT93 (pp. 240–247). Springer.

38.

Bellare, M., Canetti, R., & Krawczyk, H. (1996). Keying hash functions for message authentication. In Advances in cryptology (CRYPTO’96) (pp. 1–15). Springer.

39.

Bellare, M., & Rogaway, P. (1997). Collision-resistant hashing: Towards making uowhfs practical. In Advances in cryptology (CRYPTO’97) (pp. 470–484). Springer.

40.

Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203–209.CrossRefMathSciNetMATH

41.

Miller, V. S. (1986). Use of elliptic curves in cryptography. In Advances in CryptologyCRYPTO85 proceedings (pp. 417–426). Springer.

42.

Boyd, C., & Mathuria, A. (2003). Protocols for authentication and key establishment. Berlin: Springer.CrossRefMATH

43.

Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in cryptology-CRYPTO 2008 (pp. 203–220). Springer.

44.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology-CRYPTO’99 (pp. 388–397). Springer.

45.

Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.CrossRefMathSciNet

46.

Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.CrossRefMathSciNetMATH

47.

Aumasson, J. P., Henzen, L., Meier, W., & Plasencia, M. N. (2010). Quark: A lightweight hash. In Proceedings of workshop on cryptographic hardware and embedded systems (CHES 2010), lecture notes in computer science (Vol. 6225, pp. 1–15). Springer.

48.

Das, A. K., Massand, A., & Patil, S. (2013). A novel proxy signature scheme based on user hierarchical access control policy. Journal of King Saud University: Computer and Information Sciences, 25(2), 219–228.

49.

Abdalla, M., & Pointcheval, D. (2005). Interactive diffie–hellman assumptions with applications to password-based authentication. In Financial cryptography and data security (pp. 341–356). Springer.

50.

Islam, S. H. (2014). Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dynamics, 78(3), 2261–2276.CrossRefMathSciNet

51.

Standard, S. H. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), US Department of Commerce, April 1995. Accessed November 2010.

Titel: Design and Analysis of a Provably Secure Multi-server Authentication Scheme
verfasst von: Dheerendra Mishra
Publikationsdatum: 01.02.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 3/2016
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-015-2975-0

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2016

Performance of a MIMO Y-Shaped Antenna Array with Electromagnetic Vector Sensors

QoS Guaranteed Causal Ordering Group Communication for Cognitive Radio Ad Hoc Networks

Unified Performance Analysis of Multi-antenna Techniques in Dual Hop Networks over Nakagami-m Fading Channels

Low-Complexity MUSIC-Like Algorithm with Sparse Array

SDN and Virtualization-Based LTE Mobile Network Architectures: A Comprehensive Survey

A 3–6 GHz Current Reused Noise Canceling Low Noise Amplifier for WLAN and WPAN Applications

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.